TOTOLINK LR1200GB 安全漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a stack buffer overflow...

CVE-2023-41451

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...

SUSE CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

Malicious code in fc-text-input (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a77cf260f432244dc8401fd56c9cf495d88b68182872ddc07d47825a16220276 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-373 Malicious code in fc-text-input (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a77cf260f432244dc8401fd56c9cf495d88b68182872ddc07d47825a16220276 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-33187 highlight vulnerable to cleartext transmission of sensitive information

Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...

SUSE CVE-2017-5432

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

SUSE CVE-2018-12374

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird 52.9...

SUSE CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored cross-site scripting attacks. The library does not check for XSS payloads in the text of a new post, allowing an attacker to inject and execute malicious javascript...

Bolt stored Cross-site Scripting (XSS)

Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry...

Bolt Cross-site Scripting (XSS) via text input click preview button

Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry...

GHSA-GJX6-58XH-P7PW Bolt Cross-site Scripting (XSS) via text input click preview button

Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry...

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-0300

CVE-2022-0300 affects Google Chrome on Android: Use-after-free in Text Input Method Editor could allow a remote attacker who persuades a user to perform specific interactions to trigger heap corruption via a crafted HTML page. The advisory notes this as a potential exploit path. Remediation: upda...